Christian wrote:

> > The sender then proceeded to give detailed information almost as though
> > he'd catted the zone file on our DNS server. It included what the MX
> > records were for a given system and which servers were CNAMEd to which.
> 
> > ...so here's my question: How'd he do it? =:) 
> 
> Well, you could do a whole zone transfer, if you really wanted to, but, to
> the point..
> 
> Look, DNS is public information - it's not supposed to be secret or even
> hard to obtain. nslookup has an ls command which lists all hosts
> registered under a certain domain, for example. 
> 
> Specifics: if you specify type=MX to nslookup, you can look up MX records
> for a certain host. If you specify type=CNAME, you can look up CNAMEs for a
> certain host. If you specify type=ANY, I'm quite sure you can do an ls and
> get all information for all hosts for your domain.

Note that `ls' performs a zone transfer. It is possible (and quite
common) for zone transfers to be restricted to certain hosts (e.g.
secondary nameservers).

Even so, you can often obtain a list of host names by obtaining the A
record for a single host, then performing a reverse DNS lookup on each
IP address in the corresponding network.

-- 
Glynn Clements <[EMAIL PROTECTED]>
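
Added example, not part of the original post: a check a nameserver operator could run over their own configuration to see which zones restrict transfers as described above. It assumes the server is BIND (the thread names no server software) with zones declared at top level rather than inside views; the sample config, zone names and addresses are constructed.

```python
import re

# Constructed named.conf sample (BIND syntax assumed); every name and address
# is a documentation placeholder, nothing here comes from the thread.
SAMPLE_CONF = '''
options { directory "/var/named"; };
acl secondaries { 192.0.2.53; 198.51.100.53; };
zone "example.com" { type master; file "db.com"; allow-transfer { secondaries; }; };
zone "example.net" { type master; file "db.net"; allow-transfer { any; }; };
zone "example.org" { type master; file "db.org"; };
'''

def _block(text, start):
    """Return the text inside the first {...} at or after `start`."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def _acl(body):
    """Return the allow-transfer match list in `body`, or None if unset."""
    m = re.search(r"\ballow-transfer\b", body)
    if not m:
        return None
    return [e.strip() for e in _block(body, m.end()).split(";") if e.strip()]

def audit(conf):
    """Map each primary/secondary zone to 'restricted' or 'open'."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    opts = re.search(r"\boptions\s*\{", conf)
    default = _acl(_block(conf, opts.start())) if opts else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, z.end() - 1)
        if not re.search(r"\btype\s+(master|primary|slave|secondary)\s*;", body):
            continue  # hint, stub and forward zones are skipped
        acl = _acl(body)
        if acl is None:
            acl = default  # zone inherits the options-level setting
        # Assumption: an unset list counts as open (older BIND 9 default).
        is_open = acl is None or "any" in acl
        report[z.group(1)] = "open" if is_open else "restricted"
    return report

if __name__ == "__main__":
    for zone, state in audit(SAMPLE_CONF).items():
        print(f"{zone}: zone transfer {state}")
```

A zone reported as restricted still has its host names exposed through whatever PTR records its reverse zone publishes, which is the second point made in the post.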